Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The ts-poet npm package is a TypeScript code generation library that allows you to programmatically create TypeScript code. It is particularly useful for generating code based on some input data or schema, such as generating TypeScript types from a GraphQL schema or a protobuf definition.
Generating TypeScript Interfaces
This feature allows you to generate TypeScript interfaces programmatically. The code sample demonstrates how to create a 'User' interface with properties 'id', 'name', and 'email'.
const { Code, InterfaceSpec } = require('ts-poet');
const userInterface = InterfaceSpec.create('User')
.addProperty('id', 'number')
.addProperty('name', 'string')
.addProperty('email', 'string');
const code = Code.create(userInterface);
console.log(code.toString());
Generating TypeScript Classes
This feature allows you to generate TypeScript classes programmatically. The code sample demonstrates how to create a 'User' class with properties 'id', 'name', and 'email', and a constructor method.
const { Code, ClassSpec } = require('ts-poet');
const userClass = ClassSpec.create('User')
.addProperty('id', 'number')
.addProperty('name', 'string')
.addProperty('email', 'string')
.addMethod('constructor', 'constructor(id: number, name: string, email: string) { this.id = id; this.name = name; this.email = email; }');
const code = Code.create(userClass);
console.log(code.toString());
Generating TypeScript Functions
This feature allows you to generate TypeScript functions programmatically. The code sample demonstrates how to create a 'greet' function that takes a 'name' parameter and returns a greeting string.
const { Code, FunctionSpec } = require('ts-poet');
const greetFunction = FunctionSpec.create('greet')
.addParameter('name', 'string')
.setReturnType('string')
.setBody('return `Hello, ${name}!`;');
const code = Code.create(greetFunction);
console.log(code.toString());
The 'typescript' package is the official TypeScript compiler and language service. While it does not focus on code generation, it provides the necessary tools to parse, analyze, and transform TypeScript code, which can be used for code generation tasks.
The 'ts-morph' package is a TypeScript compiler API wrapper that simplifies working with the TypeScript AST (Abstract Syntax Tree). It provides a higher-level API for creating, navigating, and manipulating TypeScript code, making it a powerful tool for code generation and transformation tasks.
The 'codegen' package is a general-purpose code generation library that supports multiple languages, including TypeScript. It provides a flexible API for generating code structures, making it a versatile alternative to ts-poet for various code generation needs.
ts-poet is a TypeScript code generator, inspired by Square's JavaPoet code generation DSL.
(Specifically it's a port of Outfoxx's typescriptpoet, which also generates TypeScript, but is written in Kotlin.)
The goal is to provide a middle ground in code generation that is:
a) Higher-level than templates and raw string interpolation, which often become spaghetti code to maintain, and
b) Easier-to-use than pure AST code generation (i.e. using Babel AST) where putting together simple "if" expressions is very tedious.
ts-poet achieves this by, as inspired by JavaPoet, having a DSL for building out high-level entities like types, classes, functions, and methods, but then deferring method/function implementations to a more pragmatic "combine a bunch of statements/strings" approach.
Here's a HelloWorld
file:
import {Observable} from 'rxjs/Observable';
import 'rxjs/add/observable/from';
class Greeter {
private name: string;
constructor(private name: string) {
}
greet(): Observable<string> {
return Observable.from(`Hello $name`)};
}
}
And this is the code to generate it with TypeScriptPoet:
const observableTypeName = TypeNames.importedType("@rxjs/Observable")
val testClass = ClassSpec.create("Greeter")
.addProperty("name", TypeName.STRING, false, Modifier.PRIVATE)
.constructor(
FunctionSpec.constructorBuilder()
.addParameter("name", TypeName.STRING, false, Modifier.PRIVATE)
)
.addFunction(
FunctionSpec.create("greet")
.returns(TypeNames.parameterizedType(observableTypeName, TypeName.STRING))
.addCode("return %T.%N(`Hello \$name`)", observableTypeName, SymbolSpec.from("+rxjs/add/observable/from#Observable"))
);
FileSpec.create("Greeter").addClass(testClass).toString()
FunctionSpec
, ClassSpec
, etc., classes are themselves directly immutable and the addProperty
methods return copies.FAQs
code generation DSL for TypeScript
The npm package ts-poet receives a total of 493,177 weekly downloads. As such, ts-poet popularity was classified as popular.
We found that ts-poet demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.